Cloud Security Certification

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cloud Security Certification"

Transcription

1 Cloud Security Certification January 21,

2 Agenda 1. What problem are we solving? 2. Definitions (Attestation vs Certification) 3. Cloud Security Responsibilities and Risk Exposure 4. Who is responsible for cloud security? 5. Cloud Service Provider Certifications 6. CSA Open Certification Framework 7. Cumulus Project 8. Cloud Practitioner Certifications 9. Summary 2

3 What Problem are we Solving? 1. How do you know that the provider of your cloud services can be trusted with your..? 2. What are you basing this trust on? 3. What level of assurance do you need? 4. How can you compare the security services provided by one cloud service provider with another? 5. How can you compare the security features of cloud service providers? 6. What needs to be included in service agreements and contracts? 7. How can you demonstrate competency in cloud security? 3

4 Definitions Security Certification A statement by a recognized authority that a security evaluation has been undertaken competently and in accordance with appropriate regulations. The comprehensive assessment of the technical and non-technical security features and other safeguards of a system to establish the extent to which a particular system meets a set of specified security requirements for its use and environment. Security Accreditation Formal declaration by a Designated Approval Authority (DAA) that an information system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk. Attestation The act of showing or evidence showing that something is true. Involves having a third party organization review the practices of the service provider and make a statement about the security posture of the organization. 4

5 Certification vs Attestation Certification Assessed against an externally governed framework and control standard. Assessed by a registrar from an accredited organization using a formal auditing standard Common framework and collection of controls Certification can be compared with other organizations Attestation Assessed against a framework and controls specific to the organization Could be self-assessed or by an independent/qualified third party From a service provider perspective, formal attestation reports such as a SOC 2 report may only be shared with existing customers. The assessment process is governed by standards but the object of the assessment is not. Attestations cannot be compared to other organizations. 5

6 Cloud security is a shared responsibility Shared between the enterprise and the cloud provider, with varying responsibilities depending on the nature of the (X)aaS type Private Cloud IaaS PaaS SaaS Governance, Risk & Compliance Data Security Application Security Platform Security Infrastructure Security Physical Security 6

7 Cloud Service Provider (CSP) Risk Exposure The nature of the CSP relationship determines the risk exposure 1. Risk Attributes Financial stability Geography Capability / capacity / service-levels Corporate strategy and leadership 2. Product / Service Profile Type of service / implementation Nature / extent of customer interaction Access to intellectual property Sensitivity to regulatory requirements 3. Level of Integration Integration into end products Emerging technologies, and alignment of technology and processes 4. Service Model affecting CSP Oversight Staff augmentation Managed service Potential Risk Exposures Strategic / CSP Selection Information Security Reputation Transaction / Operational Financial Legal / Compliance Credit Contractual Geopolitical Business Continuity 7

8 Cloud Certification Considerations Service Providers Ability to determine the level of security protection provided by the cloud service provider What are the legal implications? Assurance Levels Level of certification to match the required level of assurance in the provision of the cloud services What is the right level of assurance? Audit Requirements Obtain a 3 rd party opinion based on accepted standards and practices Speciality audits for service providers Professional Certifications Rely on the certified expertise of people involved in providing cloud services Obtain certifications to further a career 8

9 Cloud Service Provider Certifications 1. Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) Leading cloud security certifications based on the Open Certification Framework 2. US FedRAMP - Secure Cloud Computing for Federal Government Cloud certification using a baseline of security controls to support low and moderate impact systems based NIST V4 3. UK GCloud Assertion-based using implementation guidance in support of 14 cloud security principles 4. TRUSTed Cloud Privacy Certification Review of data privacy management practices. If practices are consistent with the TRUSTe Privacy Program Requirements will be granted the TRUSTe Certified Privacy Seal 5. Service Organizational Control (SOC) 2 compliance. SOC 2 certification is designed for a technology and cloud computing organizations. It provides the assurance that a service provider delivers secure, reliable and effective systems for information storage, com 9

10 Cloud Service Provider Certifications continued 6. ISO Certification Certification of the ISMS supporting the Cloud Services 7. ISO/IEC : Application of ISO/IEC to the cloud. Currently being developed. To provide guidance on application of ISO/IEC Part 1 to the cloud. 8. Hybrid Certification (externally certified and audited) Service Organization Controls 1 (SOC 1) Type II report Service Organization Controls 2 (SOC 2) Type II report ISO certification PCI DSS Level 1 US Federal Risk and Authorization Management Program (FedRamp) Audits including; ITAR, FIPS 140-2, FISMA/DIACAP, HIPAA This approach is used by Amazon AWS, Rackspace and Microsoft Azure. 9. CUMULUS - Certification infrastructure for MUlti-Layer cloud Services EU-based project for development of certification models, processes and tools 10.Geography Specific Hong Kong/Guangdong cloud security assessment and certification scheme Multi-Tier Cloud Security Standard for Singapore (MTCS SS 584:2013) Trusted Cloud Service Certification China Cloud Computing Promotion and Policy Forum (CCCPPF) 10

11 CSA - Open Certification Framework Cloud Security Alliance (CSA) objective is to: Promote best practices for providing security assurance within Cloud Computing Inform consumers and providers on security issues Plays a role in addressing and implementing viable solutions for security challenges CSA will increase size and relevance as interest in implementing cloud solutions proliferate The Benefits of CSA Certification include: Broad acceptance of the controls used for security; A juried certification process using globally accepted criteria (ISO 27001); Alignment with a broad selection of frameworks and criteria; Transparent and available information to support certifications; and Certification levels that are appropriate for the assurance required by the cloud service requirements. 11

12 CSA - Open Certification Framework The STAR approach offers 3 different levels of certification that would align with different levels of required assurance. The 1 st level, CSA STAR Self- Assessment level, is obtained by registering the results of the Consensus Assessments Initiative Questionnaire (CAIQ) completed by the Cloud Service Provider. The 2 nd level can be CSA STAR Certification, obtained from an independent assessment from an accredited 3 rd party or CSA STAR Attestation, obtained from a conducted SOC 2 report using the AICPA Trust Service Criteria and the CSA CCM. The 3 rd level, CSA STAR Continuous Monitoring is under development. Certification is built upon the globally accepted standard for information security management systems (ISO 27001). 12

13 CSA Cloud Controls Matrix (CCM) The CCM is a code of practice focused on providing industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings CCM V3.0.1 Domains The CCM provides a broad foundation to satisfy cloud security requirements. The CCM defines 133 controls under 16 domains Each of the controls is cross-referenced with several other security frameworks including ISO 27001:2013, BITS, NIST Revision 4, AICPA Trust Service Criteria and PCI DSS V2 & V3 among others. 13

14 CSA Cloud Control Matrix V3.0 Control Domain CCM V3.0 Control ID Updated Control Specification ISO/IEC Application & Interface Security Application Security AIS-01 Applications and programming interfaces (APIs) shall be A9.4.2 designed, developed, deployed, and tested in accordance with A9.4.1, leading industry standards (e.g., OWASP for web applications) 8.1*Partial, A14.2.3, and adhere to applicable legal, statutory, or regulatory 8.1*partial, A compliance obligations. A12.6.1, A Audit Assurance & Compliance Audit Planning Change Control & Configuration Management New Development / Acquisition Data Security & Information Lifecycle Management Classification AAC-01 Audit plans shall be developed and maintained to address business process disruptions. Auditing plans shall focus on reviewing the effectiveness of the implementation of security operations. All audit activities must be agreed upon prior to executing any audits. CCC-01 Policies and procedures shall be established, and supporting business processes and technical measures implemented, to ensure the development and/or acquisition of new data, physical or virtual applications, infrastructure network and systems components, or any corporate, operations and/or datacenter facilities have been pre-authorized by the organization's business leadership or other accountable business role or function. DSI-01 Data and objects containing data shall be assigned a classification by the data owner based on data type, value, sensitivity, and criticality to the organization. False Clauses 4.3(a), 4.3(b), 5.1(e), 5.1(f), 6.2(e), 9.1, 9.1(e), 9.2, 9.3(f), A A A A A * (partial) A A A A

15 CSA Cloud Assessments Initiative Questionnaire (CAIQ) The CAIQ provides a tool that can be used to support the STAR selfassessment level of the Open Certification Framework It provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It is a series of yes or no control assertion questions which can be tailored to suit each unique cloud customer s requirements. There are 295 questions are based on the CSA Cloud Controls Matrix (CCM) using the same control groups and color coding. The questions are cross-referenced with other frameworks such as AICPA Trust Service Criteria, ISO 27001:2013, BITS, PIPEDA, COBIT, FedRamp, NIST , PCI DSS among others. The results of the questionnaire are contained in the STAR registry 15

16 CSA Consensus Assessments Initiative Questionnaire V3.0.1 Control Group Application & Interface Security Application Security CGI D AIS- 01 AIS-01.1 AIS-01.2 CID Control Specification Consensus Assessment Questions Applications and programming interfaces Do you use industry standards (Build (APIs) shall be designed, developed, Security in Maturity Model [BSIMM] deployed and tested in accordance with benchmarks, Open Group ACS Trusted leading industry standards (e.g., OWASP for Technology Provider Framework, NIST, web applications) and adhere to applicable etc.) to build in security for your Systems/ legal, statutory, or regulatory compliance Software Development Lifecycle (SDLC)? obligations. Do you use an automated source code analysis tool to detect security defects in code prior to production? CCM v3.0.1 Compliance Mapping ISO/IEC 27001:2013 A9.4.2 A9.4.1, 8.1*Partial, A14.2.3, 8.1*partial, A A12.6.1, A AIS-01.3 AIS-01.4 AIS-01.5 Audit AAC- AAC-01.1 Assurance & 01 Compliance Audit Planning Audit plans shall be developed and maintained to address business process disruptions. Auditing plans shall focus on reviewing the effectiveness of the implementation of security operations. All audit activities must be agreed upon prior to executing any audits. Do you use manual source-code analysis to detect security defects in code prior to production? Do you verify that all of your software suppliers adhere to industry standards for Systems/Software Development Lifecycle (SDLC) security? (SaaS only) Do you review your applications for security vulnerabilities and address any issues prior to deployment to production? Do you produce audit assertions using a structured, industry accepted format (e.g., CloudAudit/A6 URI Ontology, CloudTrust, SCAP/CYBEX, GRC XML, ISACA's Cloud Computing Management Audit/Assurance Program, etc.)? Clauses 4.3(a), 4.3(b), 5.1(e), 5.1(f), 6.2(e), 9.1, 9.1(e), 9.2, 9.3(f), A

17 CSA STAR Certification A STAR certification certificate cannot be issued unless the organization has passed their ISO assessment. The CSA maintains a registry of organizations that have completed one or more of the certification levels of the STAR certification framework. The STAR registry contains the information used for the CSA Open Certification Framework certifications. The self-assessment level will include the CSAQ self-assessment results The certification level includes the STAR certification registry entry and may include the STAR certificate if. The attestation level includes the attestation from the 3 rd party assessment organization. 17

18 Requirements for Bodies providing CSA STAR Certification A certification body conducting a CCM assessment must comply with ISO Accreditation is governed by ISO 27006:2011 Requirements for bodies providing audit and certification for information security management systems (the same standard for accrediting bodies for ISO certification). Assessors need to pass an accredited Lead Auditor Course for ISO or be a qualified and experienced ISO assessor for an International Accreditation Forum (IAF) member accredited ISO certification body. All assessors must have complete a BSI/CSA CCM exam. The scope of the ISO certification must not be less than the scope of the STAR certification. The assessment cycle is the same as ISO initial assessment followed by surveillance audits over a 3-year period. 18

19 Cumulus Certification infrastructure for MUlti-Layer cloud Services The Cumulus project is a research project initiated by 8 partners from European science and industry to investigate how future cloud services can be made more secure and trustworthy. The problems that the Cumulus project is addressing: There is difficulty to guarantee security properties of the different types of services available through clouds. Service providers are reluctant to take full responsibility of the security of their services once the services are uploaded and offered through a cloud. Cloud suppliers have historically refrained from accepting liability for a security leak. The provision and security of a cloud service is sensitive to changes due to cloud operation. 19

20 Cumulus Project The Cumulus project includes: Development of advanced cloud service certification based on service testing data, service monitoring data and trusted computing platforms proofs. Developing an integrated framework of models, processes and tools for certification at all layers of the cloud stack. Three initial industrial scenarios: ehealth, Smart Lighting and Smart Transportation. Development that is conducted under a number of development efforts organized as Work Packages. 1. WP 1 Project Management 2. WP 2 Certification Models and Processes 3. WP 3 Core Certification Mechanisms 4. WP 4 CUMULUS-aware Systems Engineering 5. WP 5 Infrastructure Design and Integration 6. WP 6 Industrial Scenarios and Validation 7. WP 7 Dissemination and Exploitation 20

21 Cumulus Certification Work Package 2 Certifying cloud-based applications and services. CUMULUS assumes that a certificate may be generated through a combination of three types of evidence (aka sources of trust): a) Test-based - test data regarding the component that is to be certified, b) Monitoring-based - monitoring data regarding the component that is to be certified, and/or c) Trusted computing based - other certificates that may have been generated for other properties of the component of interest or other components that contribute its implementation and which service provider depends on. Different certificate types are envisioned as the product of this project: Test-based certificates Hybrid certificates combination of test-based and monitoring-based Monitoring certificates Dynamic certificates combination of monitoring-based and trusted computing-based Trusted computing-based certificates The design of these mechanisms will be informed by the Cumulus certification models and processes that will be developed in work package WP2. 21

22 Professional Cloud Security Certifications 1. Cloud Security Alliance Cloud Computing Knowledge Certification The CCKS certification is vendor-neutral, certifies competency in key cloud security areas based on the Cloud Security Alliance Security Guidance for Critical Areas of Focus in Cloud Computing V3, English language version, and the ENISA report "Cloud Computing: Benefits, Risks and Recommendations for Information Security." 2. Cloud Certification Council Provides professional certifications in specific areas of cloud computing 3. Cloud U - Rackspace a vendor-neutral curriculum designed for IT professionals and business leaders that covers and certifies knowledge of the fundamentals of Cloud Computing 4. CompTIA Cloud Essentials covers the basic fundamentals of cloud computing and covers migration to the cloud and governance of cloud computing environments 5. Cloud Certified Professional -- CloudSchool.com offers a number of vendor-neutral cloud certifications aimed at competency in specific areas of cloud computing including Cloud Architects, Cloud Technology Professionals, Cloud Governance, and Cloud security, among others. 22

23 Professional Cloud Security Certifications 6. IBM Certified Cloud Solution Architect v1 and v3 demonstrate the design, plan, architecture and management capabilities for IBM's cloud computing infrastructure 7. Google Certified Deployment Specialist covers the fundamental skills, knowledge and technical expertise required to deploy Google Apps for Business and Education 8. Salesforce.com Certified Professional offers several certification tracks, including Salesforce Administrator, Force.com Developer, Implementation Expert, and Architect 9. VMware Certified Professional offers six cloud-specific certifications, from beginner to advanced in a variety of cloud and virtualization-related technologies and methodologies. 10. Red Hat Certificate of Expertise in Infrastructure-as-a-Service measures professionals' ability to design, build, deploy and manage private clouds based on the Red Hat Enterprise Linux OpenStack platform 23

24 Cloud Security Alliance Practitioner Certification Certificate of Cloud Security Knowledge (CCSK) The CCSK certification is vendor-neutral, and certifies competency in key cloud security areas. Time-limited on-line exam of 60 multiple choice questions pass is 80% The test is based on the Cloud Security Alliance Security Guidance for Critical Areas of Focus in Cloud Computing V3, and the ENISA report Cloud Computing: Benefits, Risks and Recommendations for Information Security. The CSA offers CCSK Training Security Guidance for Critical Areas of Focus in Cloud Computing V3 3 sections: Cloud Architecture, Governing the Cloud and Operating in the Cloud 14 Domains 1. Cloud Computing Architecture Framework 2. Governance and Enterprise Risk Management 3. Legal Issues: Contracts and Electronic Discovery 4. Compliance and Audit Management 5. Information Management and Data Security 6. Interoperability and Portability 7. Traditional Security, Business Continuity and Disaster Recovery 8. Data Center Operations 9. Incident Response 10. Application Security 11. Encryption and Key Management 12. Identity, Entitlement and Access Management 13. Virtualization 14. Security as a Service 24

25 Cloud Credential Council Certifications The Cloud Credential Council (CCC) is a global provider of vendorneutral cloud computing training and certification offering 9 certification programs. There are 5 professional level certifications, 2 associate level certifications. Training and a certificate of completion can be obtained for the US Federal FedRamp standard. Each certification focuses on a specific topic within the cloud computing space. The CCC provides training course and certification exams for each of the certification programs CCC provided an opportunity to be grandfathered into a certification by proving existing experience and knowledge in Cloud Computing 25

26 Cloud Credential Council (CCC) Professional Cloud Solutions Architect designed for senior technology professionals who are architecting and designing the future generation of technology solutions Professional Cloud Security Manager globally known as the standard of achievement for security and governance professionals involved with cloud-based solutions Professional Cloud Service Manager Globally recognized certification for Service Management professionals Professional Cloud Administrator demonstration of knowledge about Cloud Provisioning and Administration, Cloud Bursting, Interoperability, Strategic Policy Design, Disaster Recovery and Business Continuity, as well as Performance Measurement and Monitoring Professional Cloud Developer Globally recognized certification for Developers of cloud solutions. Cloud Business Associate demonstrates that candidates have the basic skill set and knowledge associated with cloud and business Cloud Technology Associate demonstrates that candidates have the basic skill set and knowledge associated with cloud and virtualization Executive FedRamp Credential Demonstrate a thorough understanding of aligning to FedRamp standard 26

27 Cloud School Certified Cloud Professional (CCP) The Arcitura Cloud School offers a program of cloud professional certifications for several areas of cloud security specializations. The Cloud School provides vendor-neutral cloud computing training and certification offering 9 certifications. 1. Certified Cloud Professional 2. Certified Cloud Technology Professional 3. Certified Cloud Architect 4. Certified Cloud Security Specialist 5. Certified Cloud Security Governance Specialist 6. Certified Cloud Storage Specialist 7. Certified Cloud Virtualization Specialist 8. Certified Cloud Capacity Specialist 9. Certified Cloud Trainer The Cloud School provides on-site training, public workshops and selfstudy programs There are 21 course modules covering specific cloud security topics offered in individual one-day courses. The certifications are based of 3 to 5 of the 21 modules. Exams are provided through Prometric testing centers. 27

28 CCP Certification Matrix 28

29 Summary 1. Determine what level of assurance is required Is certification required or is self-assessment sufficient? Do you need attestation to satisfy any regulatory requirements? 2. The CSA STAR certification has a high level of rigour and the potential for broad acceptance. Based on ISO certification The CSA CCM is aligned with most of the current security frameworks and requirements The CCM provides a good framework for controls even if certification is not planned 3. There are lots of competency cloud security certifications to choose from pick the one that will have the broadest recognition in your area of involvement. Many professional certifications include training for the certification 4. The Cumulus project is very ambitious but will likely produce a broad set of results if the effort persists. 29

Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy

Information Security ISO Standards. Feb 11, 2015. Glen Bruce Director, Enterprise Risk Security & Privacy Information Security ISO Standards Feb 11, 2015 Glen Bruce Director, Enterprise Risk Security & Privacy Agenda 1. Introduction Information security risks and requirements 2. Information Security Management

More information

GRC Stack Research Sponsorship

GRC Stack Research Sponsorship GRC Stack Research Sponsorship Overview Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary

More information

TOOLS and BEST PRACTICES

TOOLS and BEST PRACTICES TOOLS and BEST PRACTICES Daniele Catteddu Managing Director EMEA, Cloud Security Alliance ABOUT THE CLOUD SECURITY ALLIANCE To promote the use of best practices for providing security assurance within

More information

The Cloud Security Alliance

The Cloud Security Alliance The Cloud Security Alliance Daniele Catteddu, Managing Director EMEA & OCF-STAR Program Director Cloud Security Alliance ABOUT THE CLOUD SECURITY ALLIANCE To promote the use of best practices for providing

More information

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012 Cloud Security Alliance and Standards Jim Reavis Executive Director March 2012 About the CSA Global, not for profit, 501(c)6 organization Over 32,000 individual members, 120 corporate members, 60 chapters

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

Open Certification Framework. Vision Statement

Open Certification Framework. Vision Statement Open Certification Framework Vision Statement Jim Reavis and Daniele Catteddu August 2012 BACKGROUND The Cloud Security Alliance has identified gaps within the IT ecosystem that are inhibiting market adoption

More information

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization

More information

Global Efforts to Secure Cloud Computing

Global Efforts to Secure Cloud Computing April 2012 Global Efforts to Secure Cloud Computing Jim Reavis Executive Director Cloud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute

More information

Building an Effective

Building an Effective Building an Effective Cloud Security Program Becky Swain Co-Founder/Chair, CSA CCM Board Member, CSA Silicon Valley Chapter Partner, EKKO Consulting Marlin Pohlman Co-Chair, CSA CCM Co-Chair/Founder, CSA

More information

Compliance and the Cloud: What You Can and What You Can t Outsource

Compliance and the Cloud: What You Can and What You Can t Outsource Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Kate Donofrio Security Assessor Fortrex Technologies Instructor Biography Background On Fortrex What s In A Cloud? Pick

More information

Deploying Cloud Security Standards The MTCS Experience

Deploying Cloud Security Standards The MTCS Experience Deploying Cloud Security Standards The MTCS Experience Presented to ASEAN CSA Summit 2015 Tao Yao Sing Assistant Director, National Cloud Computing Office 12 June 2015 Background Cloud security is always

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute

More information

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:

PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

With Eversync s cloud data tiering, the customer can tier data protection as follows:

With Eversync s cloud data tiering, the customer can tier data protection as follows: APPLICATION NOTE: CLOUD DATA TIERING Eversync has developed a hybrid model for cloud-based data protection in which all of the elements of data protection are tiered between an on-premise appliance (software

More information

In the Cloud We Trust!

In the Cloud We Trust! In the Cloud We Trust! Dejan Cvetkovic CTO, Microsoft CEE ISACA, Athens, Greece, November 24 th, 2015 Agenda Compliance for Financial Services The Microsoft Approach to Compliance Risk Management and Threat

More information

Logically Securing a Public Cloud Service

Logically Securing a Public Cloud Service SESSION ID: CIN-W07 Logically Securing a Public Cloud Service Tim Mather CISO Cadence Design Systems @mather_tim Disclaimer: AWS (Amazon Web Services) is referenced in this presentation extensively, only

More information

Robert Brammer. Senior Advisor to the Internet2 CEO rfbtech@internet2.edu. Internet2 NET+ Security Assessment Forum. 8 April 2014

Robert Brammer. Senior Advisor to the Internet2 CEO rfbtech@internet2.edu. Internet2 NET+ Security Assessment Forum. 8 April 2014 Robert Brammer Senior Advisor to the Internet2 CEO rfbtech@internet2.edu Internet2 NET+ Security Assessment Forum 8 April 2014 INTERNET2 NET+ Security Initiative Primary objective -- develop guidance to

More information

Cloud Audit and Cloud Trust Protocol. By David Lingenfelter 2011

Cloud Audit and Cloud Trust Protocol. By David Lingenfelter 2011 Cloud Audit and Cloud Trust Protocol By David Lingenfelter 2011 Background > MaaS360 SaaS Cloud Model > Mobile Device Management > FISMA Moderate Certified > SAS-70/SOC-2 Cloud Adoption Obstacles Planning

More information

Amazon Web Services: Risk and Compliance January 2013

Amazon Web Services: Risk and Compliance January 2013 Amazon Web Services: Risk and Compliance January 2013 (Please consult http://aws.amazon.com/security for the latest version of this paper) Page 1 of 59 This document intends to provide information to assist

More information

GRC and Cloud Services. By David Lingenfelter 2012

GRC and Cloud Services. By David Lingenfelter 2012 GRC and Cloud Services By David Lingenfelter 2012 Background > MaaS360 SaaS Cloud Model > Mobile Device Management > FISMA Moderate Certified > SAS-70/SOC-2 > Member of the Cloud Security Alliance > Participant

More information

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014

IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014 IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security

More information

Microsoft s Compliance Framework for Online Services

Microsoft s Compliance Framework for Online Services Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft

More information

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges

More information

Security Lessons Learned: Enterprise Adoption of Cloud Computing

Security Lessons Learned: Enterprise Adoption of Cloud Computing SESSION ID: CDS-R03 Security Lessons Learned: Enterprise Adoption of Cloud Computing Jim Reavis Chief Executive Officer Cloud Security Alliance @cloudsa Agenda What we are going to cover The current &

More information

Hans Bos Microsoft Nederland. hans.bos@microsoft.com

Hans Bos Microsoft Nederland. hans.bos@microsoft.com Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party

More information

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors 1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Selecting a Cloud Service Provider (CSP)

Selecting a Cloud Service Provider (CSP) Selecting a Cloud Service Provider (CSP) Steven C. Markey, MSIS, PMP, CISSP, CIPP, CISM, CISA, STS-EV, CCSK, CompTIA Cloud Essentials Principal, ncontrol, LLC Adjunct Professor President, Cloud Security

More information

Anypoint Platform Cloud Security and Compliance. Whitepaper

Anypoint Platform Cloud Security and Compliance. Whitepaper Anypoint Platform Cloud Security and Compliance Whitepaper 1 Overview Security is a top concern when evaluating cloud services, whether it be physical, network, infrastructure, platform or data security.

More information

Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015

Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 2015 CloudeAssurance Page 1 Table of Contents Copyright and Disclaimer... 3 Appendix A: Introduction... 4 Appendix

More information

Cloud Computing An Auditor s Perspective

Cloud Computing An Auditor s Perspective Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,

More information

Information Security Management System for Microsoft s Cloud Infrastructure

Information Security Management System for Microsoft s Cloud Infrastructure Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System

More information

Cloud Standardization, Compliance and Certification. Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak

Cloud Standardization, Compliance and Certification. Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak Cloud Standardization, Compliance and Certification Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak Todays Agenda IT Resourcing with Cloud Computing and related challenges Landscape

More information

Protecting Data and Privacy in the Cloud

Protecting Data and Privacy in the Cloud Protecting Data and Privacy in the Cloud Contents 1 3 6 9 12 13 Protecting Data and Privacy in the Cloud an Introduction Building Services to Protect Data Protecting Data in Service Operations Empowering

More information

IT Audit in the Cloud

IT Audit in the Cloud IT Audit in the Cloud Pavlina Ivanova, CISM ISACA-Sofia Chapter Content: o 1. Introduction o 2. Cloud Computing o 3. IT Audit in the Cloud o 4. Residual Risks o Used Resources o Questions 1. ISACA Trust

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Ensuring Cloud Security Using Cloud Control Matrix

Ensuring Cloud Security Using Cloud Control Matrix International Journal of Information and Computation Technology. ISSN 0974-2239 Volume 3, Number 9 (2013), pp. 933-938 International Research Publications House http://www. irphouse.com /ijict.htm Ensuring

More information

Assessing Risks in the Cloud

Assessing Risks in the Cloud Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research

More information

Appendix D-1 to Aproove Saas Contract : Security and solution hosting provider specs.

Appendix D-1 to Aproove Saas Contract : Security and solution hosting provider specs. Appendix D-1 to Aproove Saas Contract : Security and solution hosting provider specs. The hosting company retained by Aproove is Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052 USA.

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and customers to fully embrace and benefit from cloud services. We are committed

More information

Cloud Computing What Auditors need to know

Cloud Computing What Auditors need to know Cloud Computing What Auditors need to know This presentation is provided solely for educational purposes and, in developing and presenting these materials, Deloitte is not providing accounting, business,

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey A Comparison of IT Governance & Control Frameworks in Cloud Computing Jack D. Becker ITDS Department, UNT & Elana Bailey ITDS Department, UNT MS in IS AMCIS 2014 August, 2014 Savannah, GA Presentation

More information

Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli

Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli Protec'ng Data and Privacy in a World of Clouds and Third Par'es Vincent Campitelli Vice President, IT Risk Management McKesson Corpora-on What is Your Business Model? Economic Moats In business, I look

More information

Agenda 4/21/2015. Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems

Agenda 4/21/2015. Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems Evelyn de Souza Chair Cloud Security Alliance Data Governance Chair/ Data Privacy and Compliance Leader Cisco Systems Cloud Security Alliance, 2015 Agenda Charter /Members What is Data Governance Data

More information

Cloud for Your Business

Cloud for Your Business Whitepaper Red Hat Enterprise Linux OpenStack Platform A Cost-Effective Private Cloud for Your Business Introduction The cloud is more than a marketing concept. Cloud computing is an intentional, integrated

More information

Cloud Computing An Internal Audit Perspective. Heather Paquette, Partner Tom Humbert, Manager

Cloud Computing An Internal Audit Perspective. Heather Paquette, Partner Tom Humbert, Manager Cloud Computing An Internal Audit Perspective Heather Paquette, Partner Tom Humbert, Manager March10 2011 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,

More information

Today s Speakers. A Conversation with Robbie Forkish, Forkish Consulting 9/1/2009. Webtorials Editorial/Analyst Division

Today s Speakers. A Conversation with Robbie Forkish, Forkish Consulting 9/1/2009. Webtorials Editorial/Analyst Division Security In The Cloud A Conversation with Robbie Forkish, Forkish Consulting Webtorials Editorial/Analyst Division Produced and distributed by: Today s Speakers Steven Taylor Co-Founder Editorial/Analyst

More information

Public Cloud Workshop Offerings

Public Cloud Workshop Offerings Cloud Perspectives a division of Woodward Systems Inc. Public Cloud Workshop Offerings Cloud Computing Measurement and Governance in the Cloud Duration: 1 Day Purpose: This workshop will benefit those

More information

Global Efforts to Secure Cloud Computing. Jason Witty President, Cloud Security Alliance Chicago

Global Efforts to Secure Cloud Computing. Jason Witty President, Cloud Security Alliance Chicago Global Efforts to Secure Cloud Computing Jason Witty President, Cloud Security Alliance Chicago Cloud: Ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart

More information

Amazon Web Services: Risk and Compliance July 2012

Amazon Web Services: Risk and Compliance July 2012 Amazon Web Services: Risk and Compliance July 2012 (Please consult http://aws.amazon.com/security for the latest version of this paper) 1 This document intends to provide information to assist AWS customers

More information

Data Risk Management: ISM Ground to Cloud Summit. accelerate your ambition 1

Data Risk Management: ISM Ground to Cloud Summit. accelerate your ambition 1 Data Risk Management: ISM Ground to Cloud Summit accelerate your ambition 1 John Jones Branch Practice Manager Networking, Communications & Security Solutions John.Jones@dimensiondata.com Justin Evans

More information

TRUSTED CLOUD. Our commitment to provide a cloud you can trust. Fernando Machado Píriz September 2014

TRUSTED CLOUD. Our commitment to provide a cloud you can trust. Fernando Machado Píriz September 2014 TRUSTED CLOUD Our commitment to provide a cloud you can trust Fernando Machado Píriz September 2014 Technology Trends Driving cloud adoption 71% of strategic buyers cite scalability, cost and business

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

A view from the Cloud Security Alliance peephole

A view from the Cloud Security Alliance peephole A view from the Cloud Security Alliance peephole Cloud One million new mobile devices - each day! Social Networking Digital Natives State Sponsored Cyberattacks? Organized Crime? Legal Jurisdiction & Data

More information

! Global Efforts to Secure! Cloud Computing

! Global Efforts to Secure! Cloud Computing ay 2012! Global Efforts to Secure! Cloud Computing Jim Reavis Executive Director loud: ushering in IT Spring Technology consumerization and its offspring Cloud: Compute as a utility Smart Mobility: Compute

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information

Data, Data, Who Has The Data?

Data, Data, Who Has The Data? Data, Data, Who Has The Data? 13 February 2015 Mari Heiser IBM STSM (Senior Technical Staff Member) Master Certified Architect IBM Cloud Security and Compliance Twitter: @MariHeiser What is Cloud? The

More information

Working Group on. First Working Group Meeting 29.5.2012

Working Group on. First Working Group Meeting 29.5.2012 Working Group on Cloud Security and Privacy (WGCSP) First Working Group Meeting 29.5.2012 1 Review of fexisting i Standards d and Best Practices on Cloud Security Security Standards and Status List of

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

Close-Up on Cloud Security Audit

Close-Up on Cloud Security Audit Close-Up on Cloud Security Audit Douglas W. Barbin 2014 BrightLine CPAs & Associates, Inc. All Rights Reserved 1 About Me Partner at BrightLine 17 years experience in security, assessments, forensics,

More information

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM STORAGE SECURITY TUTORIAL With a focus on Cloud Storage Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members

More information

Cloud and Regulations: A match made in heaven, or the worst blind date ever?

Cloud and Regulations: A match made in heaven, or the worst blind date ever? Cloud and Regulations: A match made in heaven, or the worst blind date ever? Vinod S Chavan Director Industry Cloud Solutions, IBM Cloud October 28, 2015 Customers are faced with challenge of balancing

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A

Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A Brochure More information from http://www.researchandmarkets.com/reports/2213812/ Auditing Cloud Computing. A Security and Privacy Guide. Wiley Corporate F&A Description: The auditor's guide to ensuring

More information

Cloud Security & Risk. Adam Cravedi, CISA Senior IT Auditor acravedi@compassitc.com

Cloud Security & Risk. Adam Cravedi, CISA Senior IT Auditor acravedi@compassitc.com Cloud Security & Risk Adam Cravedi, CISA Senior IT Auditor acravedi@compassitc.com Agenda About Compass Overcast - Cloud Overview Thunderheads - Risks in the Cloud The Silver Lining - Security Approaches

More information

Cloud Computing 101 Dissipating the Fog 2012/Dec/xx Grid-Interop 2012

Cloud Computing 101 Dissipating the Fog 2012/Dec/xx Grid-Interop 2012 Cloud Computing 101 Dissipating the Fog 2012/Dec/xx Why the interest in Clouds? A method to avoid/defer CAPEX/OPEX and possibly accelerating implementation 2 It all started here - Timeshare Computers and

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101

Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101 Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro

More information

Cloud Computing - Starting Points for Privacy and Transparency

Cloud Computing - Starting Points for Privacy and Transparency Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia University of Applied Science Wolfenbüttel, Germany IFIP Summerschool: Privacy and Identity Management for Life, Helsingborg,

More information

Securing the Microsoft Cloud

Securing the Microsoft Cloud Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from

More information

INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE

INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE Multi-Tiered Cloud Security Standard for Singapore (MTCS SS) Audit Checklist Report For cross-certification from MTCS SS to Cloud Security Alliance (CSA) Security,

More information

Cloud Security Alliance: Industry Efforts to Secure Cloud Computing

Cloud Security Alliance: Industry Efforts to Secure Cloud Computing Cloud Security Alliance: Industry Efforts to Secure Cloud Computing Jim Reavis, Executive Director September, 2010 Cloud: Dawn of a New Age Art Coviello - the most overhyped, underestimated phenomenon

More information

HIPAA and HITRUST - FAQ

HIPAA and HITRUST - FAQ A COALFIRE WHITE PAPER HIPAA and HITRUST - FAQ by Andrew Hicks, MBA, CISA, CCM, CRISC, HITRUST CSF Practitioner Director, Healthcare Practice Lead Coalfire February 2013 Introduction Organizations are

More information

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015

Cloud Computing Policy 1.0 INTRODUCTION 2.0 PURPOSE. Effective Date: July 28, 2015 Cloud Computing Policy Effective Date: July 28, 2015 1.0 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually

More information

NCTA Cloud Architecture

NCTA Cloud Architecture NCTA Cloud Architecture Course Specifications Course Number: 093019 Course Length: 5 days Course Description Target Student: This course is designed for system administrators who wish to plan, design,

More information

Key Considerations of Regulatory Compliance in the Public Cloud

Key Considerations of Regulatory Compliance in the Public Cloud Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,

More information

Intermedia s Dedicated Exchange

Intermedia s Dedicated Exchange Intermedia s Dedicated Exchange This is a practical guide to implementing Intermedia s Dedicated Hosted Exchange on AWS. Intermedia, the world s independent provider of Hosted Exchange, and AWS, the leading

More information

Building Trust in Global Cloud Computing Systems

Building Trust in Global Cloud Computing Systems Building Trust in Global Cloud Computing Systems Jim Reavis, CEO & Founder Cloud Security Alliance Global, not-for-profit organization Building security best practices for next generation IT Research and

More information

SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR

SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR Michael de Crespigny, CEO Information Security Forum Session ID: GRC R02B Session Classification: General Interest KEY ISSUE Our

More information

Cloud Computing in a Regulated Environment

Cloud Computing in a Regulated Environment Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2

More information

The Education Fellowship Finance Centralisation IT Security Strategy

The Education Fellowship Finance Centralisation IT Security Strategy The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and

More information

Cloud Security. Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014

Cloud Security. Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014 Cloud Security Nantawan Wongkachonkitti Electronic Government Agency, Thailand Cloud Security Alliance, Thailand Chapter October 2014 Agenda Introduction Security Assessment for Cloud Secure Cloud Infrastructure

More information

Certified Cloud Computing Professional VS-1067

Certified Cloud Computing Professional VS-1067 Certified Cloud Computing Professional VS-1067 Certified Cloud Computing Professional Certification Code VS-1067 Vskills Cloud Computing Professional assesses the candidate for a company s cloud computing

More information

Building More Reliable Cloud Services The CUMULUS Project

Building More Reliable Cloud Services The CUMULUS Project Building More Reliable Cloud Services The CUMULUS Project Antonio Álvarez Romero aalvarez@wtelecom.es London, 17 th June 2014 1 Table of contents Motivations Goals to be achieved What is CUMULUS? Application

More information

Cloud Computing Security Issues

Cloud Computing Security Issues Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,

More information

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals

More information

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National

More information

Cloud Service Providers Overcoming security and compliance barriers

Cloud Service Providers Overcoming security and compliance barriers Cloud Service Providers Overcoming security and compliance barriers Dr Theodoros Stergiou, CEng, CPMM Security Solutions Product Manager & Cloud Security Officer Agenda A brief introduction Security barriers

More information

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society

More information

Cloud Architecture and Management. M.I. Deen General Manager (Enterprise Solutions) Sri Lanka Telecom

Cloud Architecture and Management. M.I. Deen General Manager (Enterprise Solutions) Sri Lanka Telecom Cloud Architecture and Management M.I. Deen General Manager (Enterprise Solutions) Sri Lanka Telecom Cloud Computing Architecture Reference Architecture, Terminology and Definitions Akaza Cloud Architecture

More information

CompTIA Cloud Essentials Certification Exam Objectives (CLO-001)

CompTIA Cloud Essentials Certification Exam Objectives (CLO-001) CompTIA Cloud Essentials Certification Exam Objectives (CLO-001) INTRODUCTION The CompTIA Cloud Essentials Certification Exam is a vendor-neutral technical qualification. The Cloud Essentials exam is relevant

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information